"Verseuchter" Computer ...

BusterKe · 16.11.2004, 22:39

Logfile of HijackThis v1.98.2
Scan saved at 23:28:54, on 16.11.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAMME\TOOLBAR\TBPS.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMME\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMME\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAMME\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\CGTASK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\180AX.EXE
C:\PROGRAMME\CASHBACK\BIN\CASHBACK.EXE
C:\PROGRAMME\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAMME\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAMME\ICQ\NDETECT.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINS32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OSA9.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.a1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von A1.net
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {14954F05-380D-11D9-83FE-9D533CB8B203} - C:\WINDOWS\SYSTEM\GLO.DLL
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMME\IEMENUEXTENSION\TBEXTN.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [POINTER] C:\Programme\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Cgtask Services] C:\WINDOWS\SYSTEM\cgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [fibql] C:\WINDOWS\fibql.exe
O4 - HKLM\..\Run: [CashBack] C:\Programme\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\Programme\Toolbar\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programme\Intel\Intel PSNCU\CPUNumber.exe" /nosplash
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [IntelProcNumUtility] "C:\Programme\Intel\Intel PSNCU\CPUNumber.exe" /nosplash
O4 - HKCU\..\RunServices: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe
O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [win32] c:\program files\wins32.exe
O4 - HKCU\..\RunServicesOnce: [win32] c:\program files\wins32.exe
O4 - Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.a1.net/
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1755c5764b3e5a5...dxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//colin/main.chm::/load.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab
O16 - DPF: {11111111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\4XQJ4XYB\explorer2[1].cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll
O18 - Filter: text/html - {7E7A40E0-14CE-11D9-83FE-005015D30AEE} - C:\WINDOWS\SYSTEM\GLO.DLL
O18 - Filter: text/plain - {7E7A40E0-14CE-11D9-83FE-005015D30AEE} - C:\WINDOWS\SYSTEM\GLO.DLL

"Verseuchter" Computer ...

Log-Analyse und Auswertung: "Verseuchter" Computer ...

"Verseuchter" Computer ...

Ähnliche Themen: "Verseuchter" Computer ...